Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
48 lines (28 sloc) 8.46 KB

A Public Web of Trust of Public Identities

By Ouri Poupko ( and Ehud Shapiro (

In the world of people's public actions, privacy is not the name of the game, it is instead a well-known single public identity. - Tim Berners-Lee

Following Tim Berners-Lee design issue of a public identity we are investigating ways, not only for a person to manage and maintain both his private and public credentials, but also to obtain trust over his public identity. Such trust will have many benefits, including:

  1. As Berners-Lee suggests, public figures would like to make sure that their public activity is clearly associated with them and no one else.
  2. At least minimal trusted publicity is required to help reduce fake identities (sybils) and their impact on social networks
  3. It enables democratic processes, specifically voting, in a fully decentralized and distributed way based on self sovereign identities.


We start by mathematically define the concepts of a public identity and a public web of trust1. Let H be a set of people and A a set of attributes which are predicates over people. For each h in H and a in A, ah is true if the predicate a holds for the person h. A profile is a finite set of attributes A subset A.

A person h in H who created a key-pair K_P K_S is the owner of K_P and K_S. A public identity p equals K_P and A consists of a public key K_P and a profile A signed with the corresponding private key K_S. A is called the profile of p.

Let P be a set of public identities with profile attributes in A. A trust edge over P is a directed edge e from p to p', T subset A and p,p' in P. The trust edge e is called truthful if T is true of owner p' and an attack edge otherwise. A public web of trust over P, also called a trust graph, is a graph W is P and E with a set of trust edges E over P.

DID implementation of a public web of trust

Next we describe an implementation of a public identity and a public web of trust, using the DID specification and the Verifiable Credentials specification. As DID supports privacy, but does not require it, most of the implementation is straight forward. A DID document can hold multiple public keys and can describe separate keys for authentication Vs. authorization. As long as all these keys are bounded together in a single public DID document, they can be regarded as synonyms for the one public key that identifies a public identity. A DID document can point to a verifiable credentials service that can expose the owner's attributes, whether cryptographycally encoded or not. Attributes can be attested by 3rd parties, or self attested by the owner on himself. A DID document with an accompanied verifiable credentials storage can therefor serve as a public identity as defined above.

To create a public web of trust we use a second verifiable credentials service, with our own defined context, defining a single field for the claim called 'trustedAttributes'. The 'id' field for this claim is the DID of the trusted person and the 'issuer' of this verifiable claim is the trusting person. See the image below for an example. A digital signature of the trusted claim, signed by the issuer, can prove the validity of the trust claim. Such a verifiable claim can serve as a trust edge as defined above, revealing only ids of the trusting person, the trusted person and his trusted claim. Storing all such trusted edges for a given community in a single service point can provide a complete trust graph for that community, as defined above.

Public web of trust as verifiable credentials

further work

The e-Democracy group in the computer science department of the Weizmann institute of science, led by Prof. Udi Shapiro is investigating the computational foundations for e-Democracy. Towards this goal we add the following definitions1:

A profile A is true of a person h, Ah is true, if ah is true for all a in A. Let HA in H be the set of people of which A is true, HA definition. The profile A is:

  • fake if HA is empty.
  • transparent if HA has one item.
  • opaque if HA has more items.

Let p equals K_P and A be a public identity. The owner of p is the person who owns its public key, owner p is owner kp. The public identity p is:

  • honest if its profile A is true of its owner, A owner p is true. Otherwise, p is sybil.
  • unique if it is the sole public identity owned by its owner, uniqueness. Otherwise, p is non-unique.
  • fake, transparent, or opaque if its public profile is so, respectively.

We expect an e-democracy to strive that its public identities be honest and transparent. To achieve this we use graph conductivity to analyze a trust graph and bound the number of sybils in a graph. A public web of trust as proposed here can serve as such a graph and hence enables the identification and eradication of sybils in a community based on self sovereign identities. Some relevant preliminary results can be found here. Abstracts of ongoing research can be found here.


1: Poupko, O and Shapiro, E, A Public Web of Trust of Public Identities: Supporting Sybil-Resilient e-Community Building. In preparation,, 2018.

You can’t perform that action at this time.